Hi all 

Thanks for quick response. Yes they are using VRRP for HA.

Looking at the show vrrp command it does say that one is master for all monitored interfaces and the standby box states backup.

Its just strange that this was showing active/standby with cphaprob stat and is now showing active/active.. Strange. Luckily we are replacing these boxes with some 6500s and we will be using clusterXL as we have no real need to be using VRRP.

Just another quick question. If I need to make the standby a master an a certain interface how would I do that.

Thanks again

If an interface fails etc then would want the whole system to fail across to the Backup Unit.

Not really sure what you would get from that anyway

Traffic would go via the 1st Network and out of the 2nd Network which would still be Backup State.   This would work, however the reply traffic would then go back to the Active Unit still.

I'll be honest I haven't touched VRRP in years.    Was familiar more when using IP Appliances with IPSO but since Gaia then always moved to ClusterXL and if had issues with the MAC failing over then used the VMAC mode so that had a common MAC for the Cluster IP.

Only had to to do that with a couple of customers, only thing I could ever find was that BT involved as the ISP.

HI Mdjmcnally

Sorry meant to force the entire system over to the standby. I'm a little rusty on vrrp as well lol. These are old boxes and not really sure why they were setup this way in the first place. ClusterXL will be on the new boxses.

Thanks for the reply

I suspect that most likely that they replaced Nokia IP Appliances, which ran VRRP which is usually where come across people using Gaia VRRP.

However I can answer this one for you.

VRRP works on a Priority and Priorty Delta.

The Priority is the BOX priority and the Priority Delta is the change made to that by each Interface.

If you look in the Gaia Portal then look at the Virtual Router.

TYPICALLY people set a Priority with a difference of 10 between the two boxes, ie 100 and 95 with a Priority Delta of 10.

IF one of the Interfaces fails then this will subtract 10 from the Priority, so would drop the 100 to 90 which being lower then the 95 on the Second Unit would cause the system to failover.

So if you want to force a failover then look at the two units to see what the Priority is set too and adjust one of the units Priority, ie if the 1st is 100 and the 2nd 95 then make the 2nd a Priority of 105 which will then give that the higher priority and then cause the failover.

Then if want to move back then change the Priority back to 95.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Gives details on how to configure VRRP and goes through how it works as a nice refresher.

Hi Mdjmcnally

Thanks for the reply.

That makes sense.

I'll have a read through that document it will be a good refresher cheers.

Cheers

For as long as I can remember, if you are using a third party clustering solution (i.e. not ClusterXL), the command cphaprob stat, the SmartView Monitor, and the SmartConsole Gateways & Servers tab have always shown a status of Active/Active along with the term "Sync Only".  This indicates that the only portion of ClusterXL in use with something like VRRP is the state sync functionality between the members.  Of course the true state of the VRRP cluster can be determined from the Gaia level.